Table Of Contents
default-router
delay (tracking)
delay (virtual server)
deny (IP)
dns-server
domain-name (DHCP)
dynamic
faildetect
forwarding-agent
glbp authentication
glbp forwarder preempt
glbp ip
glbp load-balancing
glbp preempt
glbp priority
glbp timers redirect
glbp timers
glbp weighting track
glbp weighting
hardware-address
host
default-router
To specify the default router list for a Dynamic Host Configuration Protocol (DHCP) client, use the default-router command in DHCP pool configuration mode. To remove the default router list, use the no form of this command.
default-router address [address2...address8]
no default-router
Syntax Description
address | Specifies the IP address of a router. One IP address is required, although you can specify up to eight addresses in one command line.
address2...address8 | (Optional) Specifies up to eight addresses in the command line.
Defaults
No default behavior or values.
Command Modes
DHCP pool configuration
Command History
Release | Modification
12.0(1)T | This command was introduced.
Usage Guidelines
The IP address of the router should be on the same subnet as the client subnet. You can specify up to eight routers in the list. Routers are listed in order of preference (address1 is the most preferred router, address2 is the next most preferred router, and so on).
Examples
The following example specifies 10.12.1.99 as the IP address of the default router:
default-router 10.12.1.99
Related Commands
Command | Description
ip dhcp pool | Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
delay (tracking)
To specify a period of time to delay communicating state changes of a tracked object, use the delay command in tracking configuration mode. To disable the delay period, use the no form of this command.
delay {up seconds down seconds | up seconds | down seconds}
no delay {up seconds down seconds | up seconds | down seconds}
Syntax Description
up | Specifies the up delay.
down | Specifies the down delay.
seconds | Delay value in seconds.
Defaults
No default behavior or values.
Command Modes
Tracking configuration
Command History
Release | Modification
12.2(15)T | This command was introduced.
Usage Guidelines
This command is available to all tracked objects.
Examples
In the following example, the tracking process is tracking the IP route metric threshold. The delay period to communicate the changes of the tracked object to the client process is set to 30 seconds.
track 1 ip route 10.22.0.0/16 metric threshold
threshold metric up 16 down 20
delay (virtual server)
To change the amount of time IOS Server Load Balancing (IOS SLB) maintains TCP connection context after a connection has terminated, use the delay command in SLB virtual server configuration mode. To restore the default delay timer, use the no form of this command.
delay {duration | radius framed-ip duration}
no delay {duration | radius framed-ip duration}
Syntax Description
duration | Delay timer duration for TCP connection context, in seconds. The valid range is 1 to 600 seconds. The default value is 10 seconds.
radius framed-ip duration | Delay timer for RADIUS framed-ip sticky database, in seconds. The valid range is 1 to 600 seconds. The default value is 10 seconds.
Defaults
The default duration for the TCP connection context is 10 seconds.
The default duration for the RADIUS framed-ip sticky database is 10 seconds.
Command Modes
SLB virtual server configuration
Command History
Release | Modification
12.0(7)XE | This command was introduced.
12.1(5)T | This command was integrated into Cisco IOS Release 12.1(5)T.
12.2 | This command was integrated into Cisco IOS Release 12.2.
12.2(14)S | This command was integrated into Cisco IOS Release 12.2(14)S.
12.1(18)E | The radius and framed-ip keywords and the duration argument were added.
12.2(18)SXE | This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA | This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
The TCP connection context delay timer allows out-of-sequence packets and final acknowledgments (ACKs) to be delivered after a TCP connection ends. Do not set this value to zero (0).
If you are configuring a TCP connection context delay timer for HTTP flows, choose a low number such as 5 seconds as a starting point.
For the Home Agent Director, the delay command has no meaning and is not supported.
Examples
The following example specifies that IOS SLB maintains TCP connection context for 30 seconds after a connection has terminated:
Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# delay 30
Related Commands
Command | Description
show ip slb vservers | Displays information about the virtual servers defined to IOS SLB.
virtual | Configures the virtual server attributes.
deny (IP)
To set conditions in a named IP access list that will deny packets, use the deny command in access list configuration mode. To remove a deny condition from an access list, use the no form of this command.
[sequence-number] deny source [source-wildcard]
[sequence-number] deny protocol source source-wildcard destination destination-wildcard
[precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
no sequence-number
no deny source [source-wildcard]
no deny protocol source source-wildcard destination destination-wildcard
Internet Control Message Protocol (ICMP)
[sequence-number] deny icmp source source-wildcard destination destination-wildcard [icmp-type
[icmp-code] | icmp-message] [precedence precedence] [tos tos] [log] [time-range
time-range-name] [fragments]
Internet Group Management Protocol (IGMP)
[sequence-number] deny igmp source source-wildcard destination destination-wildcard
[igmp-type] [precedence precedence] [tos tos] [log] [time-range time-range-name]
[fragments]
Transmission Control Protocol (TCP)
[sequence-number] deny tcp source source-wildcard [operator port [port]] destination
destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log]
[time-range time-range-name] [fragments]
User Datagram Protocol (UDP)
[sequence-number] deny udp source source-wildcard [operator port [port]] destination
destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log] [time-range
time-range-name] [fragments]
Syntax Description
sequence-number | (Optional) Sequence number assigned to the deny statement, causing the system to insert the statement in that numbered position in the access list.
source | Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
• Use a 32-bit quantity in four-part, dotted-decimal format.
• Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
• Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
source-wildcard | Wildcard bits to be applied to the source. There are three alternative ways to specify the source wildcard:
• Use a 32-bit quantity in four-part, dotted-decimal format. Place 1s in the bit positions you want to ignore.
• Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
• Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
protocol | Name or number of an Internet protocol. It can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the ip keyword. Some protocols allow further qualifiers described later.
destination | Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:
• Use a 32-bit quantity in four-part, dotted-decimal format.
• Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.
• Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
destination-wildcard | Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:
• Use a 32-bit quantity in four-part, dotted-decimal format. Place 1s in the bit positions you want to ignore.
• Use the any keyword as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255.
• Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
precedence precedence | (Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name as listed in the section "Usage Guidelines."
tos tos | (Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by name as listed in the section "Usage Guidelines" of the access-list (IP extended) command.
log | (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP, or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.
Use the ip access-list log-update command to generate logging messages when the number of matches reaches a configurable threshold (rather than waiting for a 5-minute interval). See the ip access-list log-update command for more information.
The logging facility might drop some logging message packets if there are too many to be handled or if there is more than one logging message to be handled in 1 second. This behavior prevents the router from crashing due to too many logging packets. Therefore, the logging facility should not be used as a billing tool or an accurate source of the number of matches to an access list.
If you enable CEF and then create an access list that uses the log keyword, the packets that match the access list are not CEF switched. They are fast switched. Logging disables CEF.
time-range time-range-name | (Optional) Name of the time range that applies to this deny statement. The name of the time range and its restrictions are specified by the time-range and absolute or periodic commands, respectively.
fragments | (Optional) The access list entry applies to noninitial fragments of packets; the fragment is either permitted or denied accordingly. For more details about the fragments keyword, see the "Access List Processing of Fragments" and "Fragments and Policy Routing" sections in the "Usage Guidelines" section.
icmp-type | (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.
icmp-code | (Optional) ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.
icmp-message | (Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are listed in the section "Usage Guidelines" of the access-list (IP extended) command.
igmp-type | (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines" of the access-list (IP extended) command.
operator | (Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port.
If the operator is positioned after the destination and destination-wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators require one port number.
port | (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the section "Usage Guidelines" of the access-list (IP extended) command.
TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP.
established | (Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection.
Defaults
There is no specific condition under which a packet is denied passing the named access list.
Command Modes
Access list configuration
Command History
Release | Modification
11.2 | This command was introduced.
12.0(1)T | The time-range time-range-name keyword and argument were added.
12.0(11) and 12.1(2) | The fragments keyword was added.
12.2(13)T | The igrp keyword was removed because the IGRP protocol is no longer available in Cisco IOS software.
12.2(14)S | The sequence-number argument was added.
12.2(15)T | The sequence-number argument was integrated into 12.2(15)T and the igrp keyword was removed.
Usage Guidelines
Use this command following the ip access-list command to specify conditions under which a packet cannot pass the named access list.
The time-range option allows you to identify a time range by name. The time-range, absolute, and periodic commands specify when this deny statement is in effect.
Access List Processing of Fragments
The behavior of access-list entries regarding the use or lack of the fragments keyword can be summarized as follows:
If the access-list entry has no fragments keyword (the default behavior), and assuming all of the access-list entry information matches, then:
For an access-list entry containing only Layer 3 information:
• The entry is applied to nonfragmented packets, initial fragments and noninitial fragments.
For an access list entry containing Layer 3 and Layer 4 information:
• The entry is applied to nonfragmented packets and initial fragments.
– If the entry is a permit statement, the packet or fragment is permitted.
– If the entry is a deny statement, the packet or fragment is denied.
• The entry is also applied to noninitial fragments in the following manner. Because noninitial fragments contain only Layer 3 information, only the Layer 3 portion of an access-list entry can be applied. If the Layer 3 portion of the access-list entry matches, and
– If the entry is a permit statement, the noninitial fragment is permitted.
– If the entry is a deny statement, the next access-list entry is processed.
Note The deny statements are handled differently for noninitial fragments versus nonfragmented or initial fragments.
If the access-list entry has the fragments keyword, and assuming all of the access-list entry information matches, then:
Note The access-list entry is applied only to noninitial fragments. The fragments keyword cannot be configured for an access-list entry that contains any Layer 4 information.
Be aware that you should not simply add the fragments keyword to every access list entry because the first fragment of the IP packet is considered a nonfragment and is treated independently of the subsequent fragments. An initial fragment will not match an access list permit or deny entry that contains the fragments keyword; the packet is compared to the next access list entry, and so on, until it is either permitted or denied by an access list entry that does not contain the fragments keyword. Therefore, you may need two access list entries for every deny entry. The first deny entry of the pair will not include the fragments keyword, and applies to the initial fragment. The second deny entry of the pair will include the fragments keyword and applies to the subsequent fragments. In the cases where there are multiple deny access list entries for the same host but with different Layer 4 ports, a single deny access-list entry with the fragments keyword for that host is all that needs to be added. Thus all the fragments of a packet are handled in the same manner by the access list.
Packet fragments of IP datagrams are considered individual packets and each counts individually as a packet in access list accounting and access list violation counts.
Note
The fragments keyword cannot solve all cases involving access lists and IP fragments.
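The fragment rules summarized above, together with the wildcard-bit matching from the Syntax Description, modelled as an added Python example (not Cisco code and not part of the original reference). The Entry and Packet classes, the evaluate function, the reduction of Layer 4 matching to a single destination eq port, and the 10.1.1.1 and 172.16.5.9 addresses are assumptions constructed for illustration.

```python
"""Model of named-ACL evaluation for fragments (added example, simplified)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")      # the 'any' abbreviation


def host(addr: str) -> Tuple[str, str]:
    """The 'host addr' abbreviation: address with wildcard 0.0.0.0."""
    return (addr, "0.0.0.0")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """1 bits in the wildcard are ignored; all other bits must equal base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Entry:
    action: str                       # "permit" or "deny"
    protocol: str                     # "ip" matches any protocol
    src: Tuple[str, str]              # (address, wildcard)
    dst: Tuple[str, str]
    dst_port: Optional[int] = None    # 'eq port' on the destination = Layer 4 info
    fragments: bool = False           # the fragments keyword

    def __post_init__(self):
        # fragments cannot be configured on an entry with Layer 4 information
        if self.fragments and self.dst_port is not None:
            raise ValueError("fragments cannot be combined with Layer 4 information")


@dataclass
class Packet:
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None    # not present in a noninitial fragment
    noninitial: bool = False          # True when the fragment offset is nonzero


def layer3_match(e: Entry, p: Packet) -> bool:
    return (e.protocol in ("ip", p.protocol)
            and wildcard_match(p.src, *e.src)
            and wildcard_match(p.dst, *e.dst))


def evaluate(acl: List[Entry], p: Packet) -> str:
    """Return "permit" or "deny" for packet p, first match wins."""
    for e in acl:
        if e.fragments:
            # Applies only to noninitial fragments; everything else moves on.
            if p.noninitial and layer3_match(e, p):
                return e.action
            continue
        if not layer3_match(e, p):
            continue
        if e.dst_port is None:
            return e.action           # Layer 3 only: applies to every packet
        if not p.noninitial:
            if p.dst_port == e.dst_port:
                return e.action       # nonfragmented packet or initial fragment
            continue
        # Noninitial fragment against a Layer 3 + Layer 4 entry:
        # only the Layer 3 part can be checked, and it matched.
        if e.action == "permit":
            return "permit"
        # deny: the next access-list entry is processed
    return "deny"                     # implicit deny at the end of the list


TARGET = "10.1.1.1"                   # constructed sample addresses
SINGLE = [                            # one deny entry, no fragments partner
    Entry("deny", "tcp", ANY, host(TARGET), dst_port=80),
    Entry("permit", "ip", ANY, ANY),
]
PAIRED = [                            # the deny pair described in the text
    Entry("deny", "tcp", ANY, host(TARGET), dst_port=80),
    Entry("deny", "tcp", ANY, host(TARGET), fragments=True),
    Entry("permit", "ip", ANY, ANY),
]
FIRST = Packet("tcp", "172.16.5.9", TARGET, dst_port=80)
LATER = Packet("tcp", "172.16.5.9", TARGET, noninitial=True)

if __name__ == "__main__":
    for name, acl in (("single", SINGLE), ("paired", PAIRED)):
        print(name, "initial:", evaluate(acl, FIRST),
              "noninitial:", evaluate(acl, LATER))
```

With the paired list, noninitial TCP fragments to the host are denied even when their initial fragment went to a permitted port, because a noninitial fragment carries no port to distinguish it.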
Fragments and Policy Routing
Fragmentation and the fragment control feature affect policy routing if the policy routing is based on the match ip address command and the access list had entries that match on Layer 4 through 7 information. It is possible that noninitial fragments pass the access list and are policy routed, even if the first fragment was not policy routed or the reverse.
By using the fragments keyword in access list entries as described earlier, a better match between the action taken for initial and noninitial fragments can be made and it is more likely policy routing will occur as intended.
Examples
The following example sets a deny condition for a standard access list named Internetfilter:
ip access-list standard Internetfilter
deny 192.5.34.0 0.0.0.255
permit 128.88.0.0 0.0.255.255
permit 36.0.0.0 0.255.255.255
! (Note: all other access implicitly denied)
The following example denies HTTP traffic on Monday through Friday from 8:00 a.m. to 6:00 p.m.:
time-range no-http
periodic weekdays 8:00 to 18:00
!
ip access-list extended strict
deny tcp any any eq http time-range no-http
!
! (Note: the access group is applied in interface configuration mode)
ip access-group strict in
The following example adds an entry with the sequence number 25 to extended IP access list 150:
Router(config)# ip access-list extended 150
Router(config-ext-nacl)# 25 deny ip host 3.3.3.3 host 45.5.5.34
The following example removes the entry with the sequence number 25 from the extended access list example shown above:
Router(config-ext-nacl)# no 25
Related Commands
Command | Description
access-list (IP extended) | Defines an extended IP access list.
access-list (IP standard) | Defines a standard IP access list.
ip access-group | Controls access to an interface.
ip access-list | Defines an IP access list by name.
ip access-list log-update | Sets the threshold number of packets that cause a logging message.
ip access-list resequence | Applies sequence numbers to the access list entries in an access list.
permit (IP) | Sets conditions under which a packet passes a named IP access list.
remark | Writes a helpful comment (remark) for an entry in a named IP access list.
show ip access-list | Displays the contents of all current IP access lists.
time-range | Specifies when an access list or other feature is in effect.
dns-server
To specify the Domain Name System (DNS) IP servers available to a Dynamic Host Configuration Protocol (DHCP) client, use the dns-server command in DHCP pool configuration mode. To remove the DNS server list, use the no form of this command.
dns-server address [address2...address8]
no dns-server
Syntax Description
address | The IP address of a DNS server. One IP address is required, although you can specify up to eight addresses in one command line.
address2...address8 | (Optional) Specifies up to eight addresses in the command line.
Defaults
If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses.
Command Modes
DHCP pool configuration
Command History
Release | Modification
12.0(1)T | This command was introduced.
Usage Guidelines
Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on).
Examples
The following example specifies 10.12.1.99 as the IP address of the domain name server of the client:
Related Commands
Command | Description
domain-name (DHCP) | Specifies the domain name for a DHCP client.
ip dhcp pool | Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
domain-name (DHCP)
To specify the domain name for a Dynamic Host Configuration Protocol (DHCP) client, use the domain-name command in DHCP pool configuration mode. To remove the domain name, use the no form of this command.
domain-name domain
no domain-name
Syntax Description
domain | Specifies the domain name string of the client.
Defaults
No default behavior or values.
Command Modes
DHCP pool configuration
Command History
Release | Modification
12.0(1)T | This command was introduced.
Examples
The following example specifies cisco.com as the domain name of the client:
Related Commands
Command | Description
dns-server | Specifies the DNS IP servers available to a DHCP client.
ip dhcp pool | Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
dynamic
To define a named dynamic IP access list, use the dynamic command in access-list configuration mode. To remove the access lists, use the no form of this command.
dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard
destination destination-wildcard [precedence precedence] [tos tos] [log] [fragments]
no dynamic dynamic-name
Internet Control Message Protocol (ICMP)
dynamic dynamic-name [timeout minutes] {deny | permit} icmp source source-wildcard
destination destination-wildcard [icmp-type [icmp-code] | icmp-message]
[precedence precedence] [tos tos] [log] [fragments]
Internet Group Management Protocol (IGMP)
dynamic dynamic-name [timeout minutes] {deny | permit} igmp source source-wildcard
destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log]
[fragments]
Transmission Control Protocol (TCP)
dynamic dynamic-name [timeout minutes] {deny | permit} tcp source source-wildcard
[operator [port]] destination destination-wildcard [operator [port]] [established] [precedence
precedence] [tos tos] [log] [fragments]
User Datagram Protocol (UDP)
dynamic dynamic-name [timeout minutes] {deny | permit} udp source source-wildcard
[operator [port]] destination destination-wildcard [operator [port]] [precedence precedence]
[tos tos] [log] [fragments]
Syntax Description
dynamic-name | Identifies this access list as a dynamic access list. Refer to lock-and-key access documented in the "Configuring Lock-and-Key Security (Dynamic Access Lists)" chapter in the Cisco IOS Security Configuration Guide.
timeout minutes | (Optional) Specifies the absolute length of time (in minutes) that a temporary access list entry can remain in a dynamic access list. The default is an infinite length of time and allows an entry to remain permanently. Refer to lock-and-key access documented in the "Configuring Lock-and-Key Security (Dynamic Access Lists)" chapter in the Cisco IOS Security Configuration Guide.
deny | Denies access if the conditions are matched.
permit | Permits access if the conditions are matched.
protocol | Name or number of an Internet protocol. It can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the ip keyword. Some protocols allow further qualifiers described later.
source | Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
• Use a 32-bit quantity in four-part, dotted-decimal format.
• Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
• Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
source-wildcard | Wildcard bits to be applied to source. There are three alternative ways to specify the source wildcard:
• Use a 32-bit quantity in four-part, dotted-decimal format. Place 1s in the bit positions you want to ignore.
• Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
• Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
destination | Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:
• Use a 32-bit quantity in four-part, dotted-decimal format.
• Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.
• Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
destination-wildcard | Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:
• Use a 32-bit quantity in four-part, dotted-decimal format. Place 1s in the bit positions you want to ignore.
• Use the any keyword as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255.
• Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
precedence precedence | (Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7, or by name as listed in the section "Usage Guidelines."
tos tos | (Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by name as listed in the section "Usage Guidelines."
log | (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP, or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.
The logging facility might drop some logging message packets if there are too many to be handled or if there is more than one logging message to be handled in 1 second. This behavior prevents the router from crashing due to too many logging packets. Therefore, the logging facility should not be used as a billing tool or an accurate source of the number of matches to an access list.
fragments | (Optional) The access list entry applies to noninitial fragments of packets; the fragment is either permitted or denied accordingly. For more details about the fragments keyword, see the "Access List Processing of Fragments" and "Fragments and Policy Routing" sections in the "Usage Guidelines" section.
icmp-type | (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.
icmp-code | (Optional) ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.
icmp-message | (Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are found in the section "Usage Guidelines."
igmp-type | (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines."
operator | (Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port.
If the operator is positioned after the destination and destination-wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators require one port number.
port | (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the section "Usage Guidelines" of the access-list (IP extended) command. TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP.
established | (Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection.
Defaults
An extended access list defaults to a list that denies everything. An extended access list is terminated by an implicit deny statement.
Command Modes
Access-list configuration
Command History
Release | Modification
11.2 | This command was introduced.
12.0(11) | The fragments keyword was added.
12.2(13)T | The igrp keyword was removed because the IGRP protocol is no longer available in Cisco IOS software.
Usage Guidelines
You can use named access lists to control the transmission of packets on an interface and restrict contents of routing updates. The Cisco IOS software stops checking the extended access list after a match occurs.
Fragmented IP packets, other than the initial fragment, are immediately accepted by any extended IP access list. Extended access lists used to control vty access or restrict the contents of routing updates must not match against the TCP source port, the ToS value, or the precedence of the packet.
Caution 
Named IP access lists will not be recognized by any software release prior to Cisco IOS Release 11.2.
Note
After an access list is created, any subsequent additions (possibly entered from the terminal) are placed at the end of the list. In other words, you cannot selectively add or remove access list command lines from a specific access list.
The following is a list of precedence names:
• critical
• flash
• flash-override
• immediate
• internet
• network
• priority
• routine
The following is a list of ToS names:
• max-reliability
• max-throughput
• min-delay
• min-monetary-cost
• normal
The following is a list of ICMP message type names and ICMP message type and code names:
• administratively-prohibited
• alternate-address
• conversion-error
• dod-host-prohibited
• dod-net-prohibited
• echo
• echo-reply
• general-parameter-problem
• host-isolated
• host-precedence-unreachable
• host-redirect
• host-tos-redirect
• host-tos-unreachable
• host-unknown
• host-unreachable
• information-reply
• information-request
• mask-reply
• mask-request
• mobile-redirect
• net-redirect
• net-tos-redirect
• net-tos-unreachable
• net-unreachable
• network-unknown
• no-room-for-option
• option-missing
• packet-too-big
• parameter-problem
• port-unreachable
• precedence-unreachable
• protocol-unreachable
• reassembly-timeout
• redirect
• router-advertisement
• router-solicitation
• source-quench
• source-route-failed
• time-exceeded
• timestamp-reply
• timestamp-request
• traceroute
• ttl-exceeded
• unreachable
The following is a list of IGMP message names:
• dvmrp
• host-query
• host-report
• pim
• trace
The following is a list of TCP port names that can be used instead of port numbers. Refer to the current assigned numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found if you type a ? in the place of a port number.
• bgp
• chargen
• daytime
• discard
• domain
• echo
• finger
• ftp
• ftp-data
• gopher
• hostname
• irc
• klogin
• kshell
• lpd
• nntp
• pop2
• pop3
• smtp
• sunrpc
• syslog
• tacacs-ds
• talk
• telnet
• time
• uucp
• whois
• www
The following is a list of UDP port names that can be used instead of port numbers. Refer to the current assigned numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found if you type a ? in the place of a port number.
• biff
• bootpc
• bootps
• discard
• dns
• dnsix
• echo
• mobile-ip
• nameserver
• netbios-dgm
• netbios-ns
• ntp
• rip
• snmp
• snmptrap
• sunrpc
• syslog
• tacacs-ds
• talk
• tftp
• time
• who
• xdmcp
Access List Processing of Fragments
The behavior of access-list entries regarding the use or lack of the fragments keyword can be summarized as follows:
If the access-list entry has no fragments keyword (the default behavior), and assuming all of the access-list entry information matches, then:
For an access-list entry containing only Layer 3 information:
• The entry is applied to nonfragmented packets, initial fragments and noninitial fragments.
For an access-list entry containing Layer 3 and Layer 4 information:
• The entry is applied to nonfragmented packets and initial fragments.
  – If the entry is a permit statement, the packet or fragment is permitted.
  – If the entry is a deny statement, the packet or fragment is denied.
• The entry is also applied to noninitial fragments in the following manner. Because noninitial fragments contain only Layer 3 information, only the Layer 3 portion of an access-list entry can be applied. If the Layer 3 portion of the access-list entry matches, and
  – If the entry is a permit statement, the noninitial fragment is permitted.
  – If the entry is a deny statement, the next access-list entry is processed.
Note: The deny statements are handled differently for noninitial fragments versus nonfragmented or initial fragments.
If the access-list entry has the fragments keyword, and assuming all of the access-list entry information matches, then:
Note: The access-list entry is applied only to noninitial fragments. The fragments keyword cannot be configured for an access-list entry that contains any Layer 4 information.
Be aware that you should not simply add the fragments keyword to every access list entry, because the first fragment of the IP packet is considered a nonfragment and is treated independently of the subsequent fragments. An initial fragment will not match an access list permit or deny entry that contains the fragments keyword; the packet is compared to the next access list entry, and so on, until it is either permitted or denied by an access list entry that does not contain the fragments keyword. Therefore, you may need two access list entries for every deny entry. The first deny entry of the pair will not include the fragments keyword, and applies to the initial fragment. The second deny entry of the pair will include the fragments keyword and applies to the subsequent fragments. In the cases where there are multiple deny access list entries for the same host but with different Layer 4 ports, a single deny access-list entry with the fragments keyword for that host is all that needs to be added. Thus all the fragments of a packet are handled in the same manner by the access list.
Packet fragments of IP datagrams are considered individual packets and each counts individually as a packet in access list accounting and access list violation counts.
Note: The fragments keyword cannot solve all cases involving access lists and IP fragments.
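The fragment-handling rules summarized above can be traced with a small model. The following Python code is an added example, not Cisco code: the Entry, Packet and evaluate names, the destination-only Layer 3 match, and the address 10.1.1.1 are assumptions made for illustration. It compares a single Layer 4 deny entry with the paired deny entries described above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

NONFRAGMENTED, INITIAL, NONINITIAL = "nonfragmented", "initial", "noninitial"


@dataclass(frozen=True)
class Entry:
    """One simplified extended access-list entry (hypothetical model)."""
    action: str                     # "permit" or "deny"
    dst: str                        # Layer 3 match: destination prefix
    dst_port: Optional[int] = None  # Layer 4 match; None means Layer 3 only
    fragments: bool = False         # entry carries the fragments keyword

    def __post_init__(self) -> None:
        # The fragments keyword cannot be configured with Layer 4 information.
        if self.fragments and self.dst_port is not None:
            raise ValueError("fragments keyword with Layer 4 information")


@dataclass(frozen=True)
class Packet:
    dst: str
    kind: str                       # NONFRAGMENTED, INITIAL or NONINITIAL
    dst_port: Optional[int] = None  # noninitial fragments carry no Layer 4 header


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """Return "permit" or "deny" for pkt, following the fragment rules above."""
    for entry in acl:
        if ip_address(pkt.dst) not in ip_network(entry.dst):
            continue                  # Layer 3 portion does not match
        if entry.fragments:
            if pkt.kind == NONINITIAL:
                return entry.action   # applies only to noninitial fragments
            continue                  # initial or nonfragmented: next entry
        if entry.dst_port is None:
            return entry.action       # Layer 3 only: applies to every packet kind
        if pkt.kind == NONINITIAL:
            if entry.action == "permit":
                return "permit"       # Layer 3 portion matched a permit entry
            continue                  # deny with Layer 4 information: next entry
        if pkt.dst_port == entry.dst_port:
            return entry.action       # full Layer 3 and Layer 4 match
    return "deny"                     # IOS access lists end with an implicit deny


HOST = "10.1.1.1/32"  # constructed address

# Models: deny tcp any host 10.1.1.1 eq 80, then permit ip any any
SINGLE_DENY = [Entry("deny", HOST, dst_port=80), Entry("permit", "0.0.0.0/0")]

# Same list with the second deny of the pair (fragments keyword) added.
PAIRED_DENY = [
    Entry("deny", HOST, dst_port=80),
    Entry("deny", HOST, fragments=True),
    Entry("permit", "0.0.0.0/0"),
]


def compare() -> Dict[str, Tuple[str, str]]:
    """Evaluate three constructed packets against both lists."""
    packets = {
        "initial fragment to port 80": Packet("10.1.1.1", INITIAL, 80),
        "noninitial fragment": Packet("10.1.1.1", NONINITIAL),
        "nonfragmented packet to port 22": Packet("10.1.1.1", NONFRAGMENTED, 22),
    }
    return {
        name: (evaluate(SINGLE_DENY, p), evaluate(PAIRED_DENY, p))
        for name, p in packets.items()
    }


if __name__ == "__main__":
    for name, (single, paired) in compare().items():
        print(f"{name:32} single deny: {single:6}  paired deny: {paired}")
```

With the single deny entry, the noninitial fragment falls through to the permit entry; with the paired entry it is denied. The paired entry denies every noninitial fragment to the host, whatever port the original datagram used.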
Fragments and Policy Routing
Fragmentation and the fragment control feature affect policy routing if the policy routing is based on the match ip address command and the access list has entries that match on Layer 4 through 7 information. It is possible that noninitial fragments pass the access list and are policy routed even if the first fragment was not policy routed, or the reverse.
By using the fragments keyword in access list entries as described earlier, a better match between the action taken for initial and noninitial fragments can be made, and it is more likely that policy routing will occur as intended.
Examples
The following example defines a dynamic access list named washington:
ip access-group washington in
ip access-list extended washington
dynamic testlist timeout 5
permit tcp any host 185.302.21.2 eq 23
Related Commands
Command | Description
clear access-template | Clears a temporary access list entry from a dynamic access list manually.
distribute-list in (IP) | Filters networks received in updates.
distribute-list out (IP) | Suppresses networks from being advertised in updates.
ip access-group | Controls access to an interface.
ip access-list | Defines an IP access list by name.
logging console | Limits messages logged to the console based on severity.
show access-lists | Displays the contents of current IP and rate-limit access lists.
show ip access-list | Displays the contents of all current IP access lists.
faildetect
To specify the conditions that indicate a server failure, use the faildetect SLB real server configuration command. To restore the default values that indicate a server failure, use the no form of this command.
faildetect numconns number-conns [numclients number-clients]
no faildetect
Syntax Description
numconns | Number of consecutive TCP connection reassignments allowed before a real server is considered to have failed.
number-conns | Connection reassignment threshold value in the range from 1 to 255. The default is 8 connection failures.
numclients | (Optional) Number of unique client connection failures allowed before a real server is considered to have failed.
number-clients | (Optional) Client connection reassignment threshold value in the range from 1 to 8. The default is 2 client connection failures.
Defaults
If you do not specify the faildetect command, the default value of the connection reassignment threshold is 8.
If you do not specify the numclients keyword, the default value of the unique client failure threshold is 2.
Command Modes
SLB real server configuration
Command History
Release | Modification
12.0(7)XE | This command was introduced.
12.1(5)T | This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
In the following example the connection reassignment threshold is set to 16 and, because the numclients keyword is not configured, the threshold for unique client connection failure is set to the default value 8. The real server is considered to have failed when 8 unique clients have had connection failures and there have been 16 connection reassignments.
Related Commands
Command | Description
real | Identifies a real server.
show ip slb reals | Displays information about the real servers.
show ip slb serverfarms | Displays information about the server farm configuration.
forwarding-agent
To specify the port on which the forwarding agent will listen for wildcard and fixed affinities, use the forwarding-agent CASA-port configuration command. To disable listening on that port, use the no form of the command.
forwarding-agent port-number [password [timeout]]
no forwarding-agent
Syntax Description
port-number | Port numbers on which the forwarding agent will listen for wildcards broadcast from the services manager. This must match the port number defined on the services manager.
password | (Optional) Text password used for generating the MD5 digest.
timeout | (Optional) Duration (in seconds) during which the Forwarding Agent will accept the new and old password. Valid range is from 0 to 3600 seconds. The default is 180 seconds.
Defaults
The default password timeout is 180 seconds.
The default port for the services manager is 1637.
Command Modes
CASA-port configuration
Command History
Release | Modification
12.0(5)T | This command was introduced.
Examples
The following example specifies that the forwarding agent will listen for wildcard and fixed affinities on port 1637:
Related Commands
Command | Description
show ip casa oper | Displays operational information about the Forwarding Agent.
glbp authentication
To configure an authentication string for the Gateway Load Balancing Protocol (GLBP), use the glbp authentication command in interface configuration mode. To delete an authentication string, use the no form of this command.
glbp group authentication text string
no glbp group authentication text string
Syntax Description
group | GLBP group number in the range from 0 to 1023.
text string | Specifies an authentication string. The number of characters in the command plus the text string must not exceed 255 characters.
Defaults
No authentication of GLBP messages occurs.
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
The authentication string is sent in plain text in all GLBP messages. The same authentication string must be configured on all the routers that are configured to be members of the same GLBP group, to ensure interoperation. A router will ignore all GLBP messages that contain the wrong authentication string.
Examples
The following example configures stringxyz as the authentication string required to allow GLBP routers in group 10 to interoperate:
interface fastethernet 0/0
glbp 10 authentication text stringxyz
Related Commands
Command | Description
glbp ip | Enables GLBP.
glbp forwarder preempt
To configure a router to take over as active virtual forwarder (AVF) for a Gateway Load Balancing Protocol (GLBP) group if the current AVF falls below its low weighting threshold, use the glbp forwarder preempt command in interface configuration mode. To disable this function, use the no form of this command.
glbp group forwarder preempt [delay minimum seconds]
no glbp group forwarder preempt [delay minimum]
Syntax Description
group | GLBP group number in the range from 0 to 1023.
delay minimum seconds | (Optional) Specifies a minimum number of seconds that the router will delay before taking over the role of AVF. The range is from 0 to 3600 seconds with a default delay of 30 seconds.
Command Default
Forwarder preemption is enabled with a default delay of 30 seconds.
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
12.2(33)SRA | This command was integrated into Cisco IOS Release 12.2(33)SRA.
Examples
The following example shows a router being configured to preempt the current AVF when the current AVF falls below its low weighting threshold. If the router preempts the current AVF, it waits 60 seconds before taking over the role of the AVF.
glbp 10 forwarder preempt delay minimum 60
Related Commands
Command | Description
glbp ip | Enables GLBP.
glbp ip
To activate the Gateway Load Balancing Protocol (GLBP), use the glbp ip command in interface configuration mode. To disable GLBP, use the no form of this command.
glbp group ip [ip-address [secondary]]
no glbp group ip [ip-address [secondary]]
Syntax Description
group | GLBP group number in the range from 0 to 1023.
ip-address | (Optional) Virtual IP address for the GLBP group. The IP address must be in the same subnet as the interface IP address.
secondary | (Optional) Indicates that the IP address is a secondary GLBP virtual address.
Defaults
GLBP is disabled by default.
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
The glbp ip command activates GLBP on the configured interface. If an IP address is specified, that address is used as the designated virtual IP address for the GLBP group. If no IP address is specified, the designated address is learned from another router configured to be in the same GLBP group. For GLBP to elect an active virtual gateway (AVG), at least one router on the cable must have been configured with the designated address. A router must be configured with, or have learned, the virtual IP address of the GLBP group before assuming the role of a GLBP gateway or forwarder. Configuring the designated address on the AVG always overrides a designated address that is in use.
When the glbp ip command is enabled on an interface, the handling of proxy Address Resolution Protocol (ARP) requests is changed (unless proxy ARP was disabled). ARP requests are sent by hosts to map an IP address to a MAC address. The GLBP gateway intercepts the ARP requests and replies to the ARP on behalf of the connected nodes. If a forwarder in the GLBP group is active, proxy ARP requests are answered using the MAC address of the first active forwarder in the group. If no forwarder is active, proxy ARP responses are suppressed.
Examples
The following example activates GLBP for group 10 on Fast Ethernet interface 0/0. The virtual IP address to be used by the GLBP group is set to 10.21.8.10.
interface fastethernet 0/0
ip address 10.21.8.32 255.255.255.0
The following example activates GLBP for group 10 on Fast Ethernet interface 0/0. The virtual IP address used by the GLBP group will be learned from another router configured to be in the same GLBP group.
interface fastethernet 0/0
Related Commands
Command | Description
show glbp | Displays GLBP information.
glbp load-balancing
To specify the load-balancing method used by the active virtual gateway (AVG) of the Gateway Load Balancing Protocol (GLBP), use the glbp load-balancing command in interface configuration mode. To disable load balancing, use the no form of this command.
glbp group load-balancing [host-dependent | round-robin | weighted]
no glbp group load-balancing
Syntax Description
group | GLBP group number in the range from 0 to 1023.
host-dependent | (Optional) Specifies a load balancing method based on the MAC address of a host where the same forwarder is always used for a particular host while the number of GLBP group members remains unchanged.
round-robin | (Optional) Specifies a load balancing method where each virtual forwarder in turn is included in address resolution replies for the virtual IP address. This method is the default.
weighted | (Optional) Specifies a load balancing method that is dependent on the weighting value advertised by the gateway.
Defaults
The round-robin method is the default.
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
Use the host-dependent method of GLBP load balancing when you need each host to always use the same router. Use the weighted method of GLBP load balancing when you need unequal load balancing because routers in the GLBP group have different forwarding capacities.
Examples
The following example shows the host-dependent load-balancing method being configured for the AVG of the GLBP group 10:
interface fastethernet 0/0
glbp 10 load-balancing host-dependent
Related Commands
Command | Description
show glbp | Displays GLBP information.
glbp preempt
To configure the gateway to take over as active virtual gateway (AVG) for a Gateway Load Balancing Protocol (GLBP) group if it has higher priority than the current AVG, use the glbp preempt command in interface configuration mode. To disable this feature, use the no form of this command.
glbp group preempt [delay minimum seconds]
no glbp group preempt [delay minimum]
Syntax Description
group | GLBP group number in the range from 0 to 1023.
delay minimum seconds | (Optional) Specifies a minimum number of seconds that the router will delay before taking over the role of AVG. The range is from 0 to 3600 seconds with a default delay of 30 seconds.
Defaults
A GLBP router with a higher priority than the current AVG cannot assume the role of AVG.
The default delay value is 30 seconds.
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Examples
The following example shows a router being configured to preempt the current AVG when its priority of 254 is higher than that of the current AVG. If the router preempts the current AVG, it waits 60 seconds before assuming the role of AVG.
glbp 10 preempt delay minimum 60
Related Commands
Command | Description
glbp ip | Enables GLBP.
glbp priority | Sets the priority level of the router within a GLBP group.
glbp priority
To set the priority level of the gateway within a Gateway Load Balancing Protocol (GLBP) group, use the glbp priority command in interface configuration mode. To remove the priority level of the gateway, use the no form of this command.
glbp group priority level
no glbp group priority level
Syntax Description
group | GLBP group number in the range from 0 to 1023.
level | Priority of the gateway within the GLBP group. The range is from 1 to 255. The default is 100.
Defaults
level: 100
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
Use this command to control which virtual gateway becomes the active virtual gateway (AVG). After the priorities of several different virtual gateways are compared, the gateway with the numerically higher priority is elected as the AVG. If two virtual gateways have equal priority, the gateway with the higher IP address is selected.
Examples
The following example shows a virtual gateway being configured with a priority of 254:
Related Commands
Command | Description
glbp ip | Enables GLBP.
glbp preempt | Configures a router to take over as the AVG for a GLBP group if it has higher priority than the current AVG.
glbp timers redirect
To configure the time during which the active virtual gateway (AVG) for a Gateway Load Balancing Protocol (GLBP) group continues to redirect clients to a secondary active virtual forwarder (AVF), use the glbp timers redirect command in interface configuration mode. To restore the redirect timers to their default values, use the no form of this command.
glbp group timers redirect redirect timeout
no glbp group timers redirect redirect timeout
Syntax Description
group | GLBP group number in the range from 0 to 1023.
redirect | Redirect timer interval (in seconds). The default is 300 seconds (5 minutes).
timeout | Time (in seconds) before the secondary virtual forwarder becomes unavailable. The default is 14,400 seconds (4 hours).
Defaults
redirect: 300 seconds
timeout: 14,400 seconds
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
A virtual forwarder that is assigned a virtual MAC address by the AVG is known as a primary virtual forwarder. If the virtual forwarder has learned the virtual MAC address from hello messages, it is referred to as a secondary virtual forwarder.
The redirect timer sets the time delay between a forwarder failing on the network and the AVG assuming that the forwarder will not return. The virtual MAC address for which the forwarder was responsible is still given out in Address Resolution Protocol (ARP) replies, but the forwarding task is handled by another router in the GLBP group.
The timeout interval is the time delay between a forwarder failing on the network and the MAC address for which the forwarder was responsible becoming inactive on all of the routers in the GLBP group. After the timeout interval, packets sent to this virtual MAC address will be lost. The timeout interval must be long enough to allow all hosts to refresh their ARP cache entry that contained the virtual MAC address.
Examples
The following example shows GLBP group 1, on Fast Ethernet interface 0/0, being configured with a redirect timer of 600 seconds (10 minutes), and a timeout interval of 7200 seconds (2 hours):
interface fastethernet 0/0
glbp 10 timers redirect 600 7200
glbp timers
To configure the time between hello packets sent by the Gateway Load Balancing Protocol (GLBP) gateway and the time that the virtual gateway and virtual forwarder information is considered valid, use the glbp timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.
glbp group timers [msec] hellotime [msec] holdtime
no glbp group timers
Syntax Description
group | GLBP group number in the range from 0 to 1023.
msec | (Optional) Specifies that the following (hellotime or holdtime) argument value will be expressed in milliseconds.
hellotime | Hello interval. The default is 3 seconds (3000 milliseconds).
holdtime | Time before the virtual gateway and virtual forwarder information contained in the hello packet is considered invalid. The default is 10 seconds (10,000 milliseconds).
Defaults
hellotime: 3 seconds
holdtime: 10 seconds
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
Routers on which timer values are not configured can learn timer values from the active virtual gateway (AVG). The timers configured on the AVG always override any other timer settings. All routers in a GLBP group should use the same timer values. If a GLBP gateway sends a hello message, the information should be considered valid for one holdtime. Normally, holdtime is greater than three times the value of hellotime (holdtime > 3 * hellotime). The range of values for holdtime forces the holdtime to be greater than the hello time.
Examples
The following example shows the GLBP group 10 on Fast Ethernet interface 0/0 timers being configured for an interval of 5 seconds between hello packets, and the time after which virtual gateway and virtual forwarder information is considered to be invalid to 18 seconds:
interface fastethernet 0/0
glbp weighting track
To specify a tracking object where the Gateway Load Balancing Protocol (GLBP) weighting changes based on the availability of the object being tracked, use the glbp weighting track command in interface configuration mode. To remove the tracking, use the no form of this command.
glbp group weighting track object-number [decrement value]
no glbp group weighting track object-number [decrement value]
Syntax Description
group | GLBP group number in the range from 0 to 1023.
object-number | Object number representing an item to be tracked. Use the track command to configure the tracked object.
decrement value | (Optional) Specifies an amount by which the GLBP weighting for the router is decremented (or incremented) when the interface goes down (or comes back up). The value range is from 1 to 254, with a default value of 10.
Defaults
The default decrement value is 10.
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
This command ties the weighting of the GLBP gateway to the availability of its interfaces. It is useful for tracking interfaces that are not configured for GLBP.
When a tracked interface goes down, the GLBP gateway weighting decreases by 10. If an interface is not tracked, its state changes do not affect the GLBP gateway weighting. For each GLBP group, you can configure a separate list of interfaces to be tracked.
The optional value argument specifies by how much to decrement the GLBP gateway weighting when a tracked interface goes down. When the tracked interface comes back up, the weighting is incremented by the same amount.
When multiple tracked interfaces are down, the configured weighting decrements are cumulative.
Use the track command to configure each interface to be tracked.
Examples
In the following example, Fast Ethernet interface 0/0 tracks two interfaces represented by the numbers 1 and 2. If interface 1 goes down, the GLBP gateway weighting decreases by the default value of 10. If interface 2 goes down, the GLBP gateway weighting decreases by 5.
interface fastethernet 0/0
ip address 10.21.8.32 255.255.255.0
glbp 10 weighting track 1
glbp 10 weighting track 2 decrement 5
Related Commands
Command | Description
glbp weighting | Specifies the initial weighting value of a GLBP gateway.
track | Configures an interface to be tracked.
glbp weighting
To specify the initial weighting value of the Gateway Load Balancing Protocol (GLBP) gateway, use the glbp weighting command in interface configuration mode. To restore the default values, use the no form of this command.
glbp group weighting maximum [lower lower] [upper upper]
no glbp group weighting
Syntax Description
group | GLBP group number in the range from 0 to 1023.
maximum | Maximum weighting value in the range from 1 to 254. Default value is 100.
lower lower | (Optional) Specifies a lower weighting value in the range from 1 to the specified maximum weighting value. Default value is 1.
upper upper | (Optional) Specifies an upper weighting value in the range from the lower weighting to the maximum weighting value. The default value is the specified maximum weighting value.
Defaults
The default gateway weighting value is 100 and the default lower weighting value is 1.
Command Modes
Interface configuration
Command History
Release | Modification
12.2(14)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
The weighting value of a virtual gateway is a measure of the forwarding capacity of the gateway. If a tracked interface on the router fails, the weighting value of the router may fall from the maximum value to below the lower threshold, causing the router to give up its role as a virtual forwarder. When the weighting value of the router rises above the upper threshold, the router can resume its active virtual forwarder role.
Use the glbp weighting track and track commands to configure parameters for an interface to be tracked. If an interface on a router goes down, the weighting for the router can be reduced by a specified value.
Examples
The following example shows the weighting of the gateway for GLBP group 10 being set to a maximum of 110 with a lower weighting limit of 95 and an upper weighting limit of 105:
interface fastethernet 0/0
ip address 10.21.8.32 255.255.255.0
glbp 10 weighting 110 lower 95 upper 105
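How the weighting thresholds and tracked-object decrements interact is easier to follow as a state timeline. The following Python model is an added example, not Cisco code: the class and method names are hypothetical, the decrement of 15 for object 2 and the event sequence are constructed values, and resuming at a weighting equal to the upper threshold is an assumption (made because the default upper threshold equals the maximum).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class GlbpWeighting:
    """Simplified model of one gateway's weighting in one GLBP group."""
    maximum: int = 100             # glbp group weighting maximum
    lower: int = 1                 # [lower lower]
    upper: Optional[int] = None    # [upper upper]; defaults to the maximum
    decrements: Dict[int, int] = field(default_factory=dict)  # object -> decrement
    down: Set[int] = field(default_factory=set)               # tracked objects that are down
    forwarding: bool = True        # acting as a virtual forwarder

    def __post_init__(self) -> None:
        if self.upper is None:
            self.upper = self.maximum
        if not 1 <= self.lower <= self.upper <= self.maximum <= 254:
            raise ValueError("need 1 <= lower <= upper <= maximum <= 254")

    def track(self, obj: int, decrement: int = 10) -> None:
        """Model glbp group weighting track obj [decrement value]."""
        if not 1 <= decrement <= 254:
            raise ValueError("decrement must be in the range 1 to 254")
        self.decrements[obj] = decrement

    @property
    def weighting(self) -> int:
        # Decrements of all tracked objects that are down are cumulative.
        return self.maximum - sum(self.decrements[o] for o in self.down)

    def set_state(self, obj: int, up: bool) -> bool:
        """Apply a state change and return whether the gateway still forwards."""
        if obj in self.decrements:         # untracked objects have no effect
            if up:
                self.down.discard(obj)
            else:
                self.down.add(obj)
        if self.weighting < self.lower:
            self.forwarding = False        # fell below the lower threshold
        elif self.weighting >= self.upper: # assumption: equal counts as recovered
            self.forwarding = True
        return self.forwarding             # between thresholds: state is kept


def replay() -> List[Tuple[str, int, bool]]:
    """Replay a constructed event sequence against weighting 110 lower 95 upper 105."""
    gw = GlbpWeighting(maximum=110, lower=95, upper=105)
    gw.track(1)                # default decrement of 10
    gw.track(2, decrement=15)  # constructed value
    events = [(1, False), (9, False), (2, False), (1, True), (2, True)]
    timeline = [("start", gw.weighting, gw.forwarding)]
    for obj, up in events:
        gw.set_state(obj, up)
        label = f"object {obj} {'up' if up else 'down'}"
        timeline.append((label, gw.weighting, gw.forwarding))
    return timeline


if __name__ == "__main__":
    for label, weighting, forwarding in replay():
        print(f"{label:16} weighting={weighting:3} forwarding={forwarding}")
```

The timeline shows the hysteresis between the two thresholds: at a weighting of 95 after object 1 recovers, the gateway stays out of the forwarder role until the weighting reaches the upper threshold again.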
Related Commands
Command | Description
glbp weighting track | Specifies an object to be tracked that affects the weighting of a GLBP gateway.
track | Configures an interface to be tracked.
hardware-address
To specify the hardware address of a BOOTP client, use the hardware-address DHCP pool configuration command. It is valid for manual bindings only. To remove the hardware address, use the no form of this command.
hardware-address hardware-address type
no hardware-address
Syntax Description
hardware-address | Specifies the MAC address of the hardware platform of the client.
type | Indicates the protocol of the hardware platform. Strings and values are acceptable. The string options are:
• ethernet
• ieee802
The value options are:
• 1 10Mb Ethernet
• 6 IEEE 802
If no type is specified, the default protocol is Ethernet.
Defaults
Ethernet is the default type if none is specified.
Command Modes
DHCP pool configuration
Command History
Release | Modification
12.0(1)T | This command was introduced.
Examples
The following example specifies b708.1388.f166 as the MAC address of the client:
hardware-address b708.1388.f166 ieee802
Related Commands
Command | Description
client-identifier | Specifies the unique identifier of a DHCP client in dotted hexadecimal notation.
host | Specifies the IP address and network mask for a manual binding to a DHCP client.
ip dhcp pool | Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
host
To specify the IP address and network mask for a manual binding to a Dynamic Host Configuration Protocol (DHCP) client, use the host command in DHCP pool configuration mode. To remove the IP address of the client, use the no form of this command.
host address [mask | prefix-length]
no host
Syntax Description
address | Specifies the IP address of the client.
mask | (Optional) Specifies the network mask of the client.
prefix-length | (Optional) Specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/).
Command Modes
DHCP pool configuration
Command History
Release | Modification
12.0(1)T | This command was introduced.
Usage Guidelines
If the mask and prefix length are unspecified, DHCP examines its address pools. If no mask is found in the pool database, the Class A, B, or C natural mask is used. This command is valid for manual bindings only.
There is no limit on the number of manual bindings but you can configure only one manual binding per host pool.
Examples
The following example specifies 10.12.1.99 as the IP address of the client and 255.255.248.0 as the subnet mask:
host 10.12.1.99 255.255.248.0
Related Commands
Command | Description
client-identifier | Specifies the unique identifier of a Microsoft DHCP client in dotted hexadecimal notation.
hardware-address | Specifies the hardware address of a DHCP client.
ip dhcp pool | Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
network (DHCP) | Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.